Answer the question
In order to leave comments, you need to log in
Authorization in VK.COM? Or how to salt the hash?
Actually, after authorization, we get a hash.
Next, on the server, to check the authorization, you need this: app_id+user_id+secret_key
But it turns out that if an attacker receives this hash, then he will be able to log in to my site even if the person has changed the password from his account on my site? So right? If so, what is the solution?
Answer the question
In order to leave comments, you need to log in
The solution came up with this:
- Generate a temporary code according to the contact's DOC (one-time)
- Get it on the server and generate an access_token
- Use this access_token to get the user's data and see who he is
- Authorize by long pool
Yes, the solutions are:
1. transfer all information over a secure client-server connection,
2. check the access_token, to reduce requests to the VK api, after successfully checking the access_token, save it in the user account on your server, compare what saved with what the user sent.
But the topic of data compromise on the client side should not be decided by the developer, this is the user's concern.
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question